COMMONWEALTH OF VIRGINIA - Eva.virginia.gov
COMMONWEALTH OF VIRGINIA - Eva.virginia.gov
COMMONWEALTH OF VIRGINIA - Eva.virginia.gov
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
eVA Electronic Procurement System Security Standards<br />
Department of General Services / Division of Purchases and Supply Date: May 1, 2013<br />
or Designee where the request cannot be<br />
performed by the Entity or the DPS<br />
Account Executive.<br />
The Global eVA Security Officer is<br />
empowered to take or authorize<br />
appropriate actions deemed necessary to<br />
protect COVA from fraud, misuse, or<br />
abuse. Actions taken to prevent or<br />
respond to incidents including: fraud,<br />
waste, or abuse shall be reported to the<br />
DPS Director or designee and the<br />
Director of DGS Information Systems<br />
and Services, who will review the action<br />
within ten (10) workdays. The DPS<br />
Director or designee shall approve the<br />
action or direct access to be reestablished<br />
with or without conditions.<br />
Global eVA Technical Lead<br />
The Global eVA Technical Lead is<br />
empowered to take or authorize<br />
appropriate actions deemed necessary to<br />
protect COVA from security incidents.<br />
For occurrences of intrusion reported by<br />
service provider, the DGS Information<br />
Security Officer will also be notified<br />
Service Provider Administrator (CGI)<br />
Overall security to protect eVA is the<br />
responsibility of CGI. Examples of their<br />
responsibilities include providing:<br />
<br />
Technical training materials to the<br />
Global eVA Security Officer.<br />
<br />
<br />
<br />
<br />
<br />
<br />
A technical security architecture that<br />
secures telecommunications, data<br />
and systems interoperability.<br />
Physical security for the service<br />
offering hardware, software, and data<br />
as well as personnel security.<br />
Threat detection, incident handling,<br />
and monitoring and controlling of<br />
systems activities as required,<br />
detecting security violations and<br />
maintaining audit trails of security<br />
administration activities and/or<br />
system administration access to the<br />
eVA service offering.<br />
For establishment of an incident<br />
response team charged with<br />
responding to misuse, abuse, or<br />
unauthorized access of eVA. The<br />
Global eVA Security Officer shall be<br />
a member of this response team and<br />
shall follow all directives of the<br />
designated response team leader.<br />
For monitoring of the eVA solution,<br />
responding to incidents, and<br />
informing the Global eVA Security<br />
Officer of any intrusions or attacks<br />
that penetrate eVA firewalls or<br />
violations of eVA or CGI-AMS<br />
security standards.<br />
For business continuity of eVA.<br />
Page 7